The branch, master has been updated
via 2f4b21b ntdb: switch between secrets.tdb and secrets.ntdb depending
on 'use ntdb'
via 3c9c302 param: 'use ntdb' flag (off by default).
via e201033 tdb_wrap: prevent tdbs called ".ntdb" or without extensions.
via 53aac0b dbwrap_local_open: never open the .tdb if there is an .ntdb
via f3c0d1d dbwrap_local_open: open NTDB if extension is .ntdb
via 48a4270 source3: explicitly disable NTDB support.
via 63a6381 dbwrap: dbwrap_ntdb.c
via 3d82f78 ntdb: fix database corruption when transaction doesn't
change anything.
from 85b6329 s3:selftest: generate ${SELFTESTPREFIX}/subunit with the
raw output
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2f4b21bb57c4f96c5f5b57a69d022c142d8088d5
Author: Rusty Russell <[email protected]>
Date: Wed Feb 20 14:59:42 2013 +1030
ntdb: switch between secrets.tdb and secrets.ntdb depending on 'use ntdb'
Since we open with dbwrap, it auto-converts old tdbs (which it will
rename to secrets.tdb.bak once it's done).
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Autobuild-User(master): Rusty Russell <[email protected]>
Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
commit 3c9c3029f2bcf10ef614dd9f923d02232db3ac8d
Author: Rusty Russell <[email protected]>
Date: Wed Feb 20 14:59:42 2013 +1030
param: 'use ntdb' flag (off by default).
For simplicity, we use this in the caller to choose between filenames.
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit e201033e84b54b13acc751db2b67cff159e12a0e
Author: Rusty Russell <[email protected]>
Date: Wed Feb 20 14:59:42 2013 +1030
tdb_wrap: prevent tdbs called ".ntdb" or without extensions.
This is another belt-and-braces check in case someone decides to turn
on the fancy new .ntdb extension, and we haven't converted it to ntdb.
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 53aac0bc9384db68c5ff469b07ae757ca1051cec
Author: Rusty Russell <[email protected]>
Date: Wed Feb 20 14:59:42 2013 +1030
dbwrap_local_open: never open the .tdb if there is an .ntdb
This provides an extra safety check that everyone is using one or the
other: you can't create a tdb file if there's an ntdb file.
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit f3c0d1d7fe71be7e8b2d1a9780586f8654b46469
Author: Rusty Russell <[email protected]>
Date: Wed Feb 20 14:59:42 2013 +1030
dbwrap_local_open: open NTDB if extension is .ntdb
This switches dbwrap_local_open() based on the extension of the
database name, so it handles both TDB and NTDB files.
Moreover, if asked to open a .ntdb, and there's no ntdb file but
there's a .tdb file, it converts that then moves it to .tdb.bak before
opening, and turn the .tdb file into a dangling symlink to make sure
it's never accidentally re-created or used:
$ ls -l secrets.tdb
lrwxrwxrwx 1 rusty rusty 23 Feb 11 11:31 secrets.tdb -> This is now in
an NTDB
This provides transparent upgrade if people decide to use NTDB on a
database. Downgrade would be manual, eg:
ntdbdump foo.ntdb | tdbrestore foo.tdb && mv foo.ntdb foo.ntdb.bak
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 48a42708aead320bfbcee16ae76d095c014802de
Author: Rusty Russell <[email protected]>
Date: Wed Feb 20 14:59:42 2013 +1030
source3: explicitly disable NTDB support.
The next patch make dbwrap_local_open() call the ntdb backend for ntdb
files, but we don't want to add ntdb support to the old autoconf
build. It's cleaner to use the existing DISABLE_NTDB flag rather than
test for _SAMBA_BUILD_ in dbwrap_local_open.c.
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 63a6381a26171f069cdc7465ca753f0b3c5d26f2
Author: Rusty Russell <[email protected]>
Date: Wed Feb 20 14:58:59 2013 +1030
dbwrap: dbwrap_ntdb.c
This is a dbwrap backend for ntdb. It's a fairly straight conversion from
the tdb version.
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 3d82f786ecdd6747e90fe480a15de8c3fcea5f7b
Author: Rusty Russell <[email protected]>
Date: Sun Feb 17 20:56:34 2013 +1030
ntdb: fix database corruption when transaction doesn't change anything.
ntdb's transaction code has an optimization which tdb's doesnt: it
only writes the parts of blocks whose contents have changed. This
means we can actually have a transaction which turns out to need no
recovery region.
This breaks the recovery setup logic, which sets the current recovery
size to 0 if there's no recovery area, and assumes that we'll always
create a new recovery area since the recovery will always need > 0
bytes.
In fact, if we really haven't changed anything, we can skip the
transaction commit altogether: since this happens at least once with
Samba, it's worth doing.
Signed-off-by: Rusty Russell <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_secrets.c | 4 +-
docs-xml/manpages/net.8.xml | 2 +-
docs-xml/manpages/smbpasswd.8.xml | 4 +-
docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml | 2 +-
.../smbdotconf/domain/machinepasswordtimeout.xml | 2 +-
docs-xml/smbdotconf/ldap/ldapadmindn.xml | 2 +-
docs-xml/smbdotconf/security/kerberosmethod.xml | 4 +-
docs-xml/smbdotconf/security/privatedir.xml | 2 +-
docs-xml/smbdotconf/tuning/usentdb.xml | 23 +
examples/misc/adssearch.pl | 18 +-
lib/dbwrap/dbwrap_local_open.c | 167 +++++-
lib/dbwrap/dbwrap_ntdb.c | 689 ++++++++++++++++++++
.../dbwrap_ctdb.h => lib/dbwrap/dbwrap_ntdb.h | 21 +-
lib/dbwrap/wscript_build | 20 +-
lib/ntdb/test/api-60-noop-transaction.c | 58 ++
lib/ntdb/transaction.c | 47 +-
lib/ntdb/wscript | 1 +
lib/param/param_functions.c | 1 +
lib/param/param_table.c | 9 +
lib/tdb/man/tdbbackup.8.xml | 5 +
lib/tdb_wrap/tdb_wrap.c | 8 +
selftest/target/Samba3.pm | 3 +
selftest/target/Samba4.pm | 2 +-
source3/Makefile.in | 1 +
source3/include/proto.h | 1 +
source3/include/secrets.h | 2 +-
source3/param/loadparm_ctx.c | 1 +
source3/passdb/py_passdb.c | 2 +-
source3/passdb/secrets.c | 8 +-
source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c | 13 +-
source4/scripting/python/samba/tests/provision.py | 9 +-
.../python/samba/tests/upgradeprovision.py | 2 +-
.../python/samba/tests/upgradeprovisionneeddc.py | 2 +-
33 files changed, 1065 insertions(+), 70 deletions(-)
create mode 100644 docs-xml/smbdotconf/tuning/usentdb.xml
create mode 100644 lib/dbwrap/dbwrap_ntdb.c
copy source3/lib/dbwrap/dbwrap_ctdb.h => lib/dbwrap/dbwrap_ntdb.h (71%)
create mode 100644 lib/ntdb/test/api-60-noop-transaction.c
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_secrets.c
b/auth/credentials/credentials_secrets.c
index a44fe1c..730f047 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -245,7 +245,9 @@ _PUBLIC_ NTSTATUS
cli_credentials_set_machine_account(struct cli_credentials *cr
if (!tmp_ctx) {
return NT_STATUS_NO_MEMORY;
}
- secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
+ secrets_tdb = lpcfg_private_path(cred, lp_ctx,
+ lpcfg_use_ntdb(lp_ctx) ?
+ "secrets.ntdb" : "secrets.tdb");
if (!secrets_tdb) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 3765af9..01044e1 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1001,7 +1001,7 @@ local server. You need to run this against the PDC, from
a Samba machine joined
<refsect2>
<title>RPC GETSID</title>
-<para>Fetch domain SID and store it in the local
<filename>secrets.tdb</filename>. </para>
+<para>Fetch domain SID and store it in the local
<filename>secrets.tdb</filename> (or <filename>secrets.ntdb</filename>). </para>
</refsect2>
diff --git a/docs-xml/manpages/smbpasswd.8.xml
b/docs-xml/manpages/smbpasswd.8.xml
index 376044c..88e7e86 100644
--- a/docs-xml/manpages/smbpasswd.8.xml
+++ b/docs-xml/manpages/smbpasswd.8.xml
@@ -326,7 +326,7 @@
has been compiled with LDAP support. The
<parameter>-w</parameter>
switch is used to specify the password to be used with the
<smbconfoption name="ldap admin dn"/>. Note that the password
is stored in
- the <filename>secrets.tdb</filename> and is keyed off
+ the <filename>secrets.tdb</filename> (or
<filename>secrets.ntdb</filename>) and is keyed off
of the admin's DN. This means that if the value of
<parameter>ldap
admin dn</parameter> ever changes, the password will need to be
manually updated as well.
@@ -343,7 +343,7 @@
has been compiled with LDAP support. The
<parameter>-W</parameter>
switch is used to specify the password to be used with the
<smbconfoption name="ldap admin dn"/>. Note that the password
is stored in
- the <filename>secrets.tdb</filename> and is keyed off
+ the <filename>secrets.tdb</filename> (or
<filename>secrets.ntdb</filename>) and is keyed off
of the admin's DN. This means that if the value of
<parameter>ldap
admin dn</parameter> ever changes, the password will need to be
manually updated as well.
diff --git a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
index 0d682c2..842856b 100644
--- a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
+++ b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
@@ -129,7 +129,7 @@
<itemizedlist>
<listitem>
<para>
- The data from the module may be send encrypted, with a key
stored in secrets.tdb. The
+ The data from the module may be send encrypted, with a key
stored in secrets.tdb (or secrets.ntdb). The
Receiver then has to use the same key. The module does AES
block encryption over the
data to send.
</para>
diff --git a/docs-xml/smbdotconf/domain/machinepasswordtimeout.xml
b/docs-xml/smbdotconf/domain/machinepasswordtimeout.xml
index a8e312b..4f55e81 100644
--- a/docs-xml/smbdotconf/domain/machinepasswordtimeout.xml
+++ b/docs-xml/smbdotconf/domain/machinepasswordtimeout.xml
@@ -9,7 +9,7 @@
If a Samba server is a member of a Windows NT Domain (see the
<smbconfoption
name="security">domain</smbconfoption> parameter) then periodically a
running smbd process will try and change
the MACHINE ACCOUNT PASSWORD stored in the TDB called <filename
moreinfo="none">private/secrets.tdb
- </filename>. This parameter specifies how often this password will be
changed, in seconds. The default is one
+ </filename> (or <filename
moreinfo="none">private/secrets.ntdb</filename>). This parameter specifies how
often this password will be changed, in seconds. The default is one
week (expressed in seconds), the same as a Windows NT Domain member
server.
</para>
diff --git a/docs-xml/smbdotconf/ldap/ldapadmindn.xml
b/docs-xml/smbdotconf/ldap/ldapadmindn.xml
index 442d242..b5fe0fb 100644
--- a/docs-xml/smbdotconf/ldap/ldapadmindn.xml
+++ b/docs-xml/smbdotconf/ldap/ldapadmindn.xml
@@ -8,7 +8,7 @@
<para>
The <smbconfoption name="ldap admin dn"/> defines the Distinguished
Name (DN) name used by Samba to contact
the ldap server when retreiving user account information. The
<smbconfoption name="ldap admin dn"/> is used
- in conjunction with the admin dn password stored in the <filename
moreinfo="none">private/secrets.tdb</filename>
+ in conjunction with the admin dn password stored in the <filename
moreinfo="none">private/secrets.tdb</filename> (or <filename
moreinfo="none">private/secrets.ntdb</filename>)
file. See the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>
man page for more information on how to accomplish this.
</para>
diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml
b/docs-xml/smbdotconf/security/kerberosmethod.xml
index 3a11e06..cc8a69b 100644
--- a/docs-xml/smbdotconf/security/kerberosmethod.xml
+++ b/docs-xml/smbdotconf/security/kerberosmethod.xml
@@ -8,7 +8,7 @@
<para>Valid options are:</para>
<itemizedlist>
- <listitem><para>secrets only - use only the secrets.tdb for
+ <listitem><para>secrets only - use only the secrets.(n)tdb for
ticket verification (default)</para></listitem>
<listitem><para>system keytab - use only the system keytab
@@ -17,7 +17,7 @@
<listitem><para>dedicated keytab - use a dedicated keytab
for ticket verification</para></listitem>
- <listitem><para>secrets and keytab - use the secrets.tdb
+ <listitem><para>secrets and keytab - use the secrets.(n)tdb
first, then the system keytab</para></listitem>
</itemizedlist>
diff --git a/docs-xml/smbdotconf/security/privatedir.xml
b/docs-xml/smbdotconf/security/privatedir.xml
index 46d4a82..2f4b576 100644
--- a/docs-xml/smbdotconf/security/privatedir.xml
+++ b/docs-xml/smbdotconf/security/privatedir.xml
@@ -7,7 +7,7 @@
<description>
<para>This parameters defines the directory
smbd will use for storing such files as <filename
moreinfo="none">smbpasswd</filename>
- and <filename moreinfo="none">secrets.tdb</filename>.
+ and <filename moreinfo="none">secrets.tdb</filename> (or <filename
moreinfo="none">secrets.ntdb</filename>).
</para>
</description>
diff --git a/docs-xml/smbdotconf/tuning/usentdb.xml
b/docs-xml/smbdotconf/tuning/usentdb.xml
new file mode 100644
index 0000000..9a0d2cd
--- /dev/null
+++ b/docs-xml/smbdotconf/tuning/usentdb.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="use ntdb"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
+<description>
+ <para>Beginning in Samba 4.1, a growing number of databases can
+ use the NTDB format rather than TDB.
+ </para>
+ <para>If you enable this option these databases will defaul to a
+ <filename>.ntdb</filename> extension rather than
+ <filename>.tdb</filename>: If the <filename>.tdb</filename> file
+ exists, it will automatically be converted to NTDB and renamed to
+ <filename>.tdb.bak</filename>.
+ </para>
+ <para>Filenames explicitly specified in
+ <filename>smb.conf</filename> will be respected (ie. the format
+ will depend on the <filename>.ntdb</filename> or
+ <filename>.tdb</filename> extension).
+ </para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/examples/misc/adssearch.pl b/examples/misc/adssearch.pl
index 13a85be..02c4464 100755
--- a/examples/misc/adssearch.pl
+++ b/examples/misc/adssearch.pl
@@ -42,11 +42,13 @@ my $rebind_url;
my $tdbdump = "/usr/bin/tdbdump";
+my $ntdbdump = "/usr/bin/ntdbdump";
my $testparm = "/usr/bin/testparm";
my $net = "/usr/bin/net";
my $dig = "/usr/bin/dig";
my $nmblookup = "/usr/bin/nmblookup";
my $secrets_tdb = "/etc/samba/secrets.tdb";
+my $secrets_ntdb = "/etc/samba/secrets.ntdb";
my $klist = "/usr/bin/klist";
my $kinit = "/usr/bin/kinit";
my $workgroup = "";
@@ -723,13 +725,21 @@ sub get_machine_password {
my $workgroup = shift || "";
$workgroup = uc($workgroup);
- my ($found, $tmp);
- -x $tdbdump || die "tdbdump is not installed. cannot proceed
autodetection\n";
- -r $secrets_tdb || die "cannot read $secrets_tdb. cannot proceed
autodetection\n";
+ my ($found, $tmp, $dbdump, $db);
+ if (-r $secrets_ntdb) {
+ -x $ntdbdump || die "ntdbdump is not installed. cannot proceed
autodetection\n";
+ $dbdump = $ntdbdump;
+ $db = $secrets_ntdb;
+ } else {
+ -x $tdbdump || die "tdbdump is not installed. cannot proceed
autodetection\n";
+ -r $secrets_tdb || die "cannot read $secrets_tdb. cannot proceed
autodetection\n";
+ $dbdump = $tdbdump;
+ $db = $secrets_tdb;
+ }
# get machine-password
my $key = sprintf("SECRETS/MACHINE_PASSWORD/%s", $workgroup);
- open(SECRETS,"$tdbdump $secrets_tdb |");
+ open(SECRETS,"$dbdump $db |");
while(my $line = <SECRETS>) {
chomp($line);
if ($found) {
diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c
index fb5f17e..c2eb7b7 100644
--- a/lib/dbwrap/dbwrap_local_open.c
+++ b/lib/dbwrap/dbwrap_local_open.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_tdb.h"
+#include "dbwrap/dbwrap_ntdb.h"
#include "tdb.h"
#ifndef DISABLE_NTDB
#include "lib/util/util_ntdb.h"
@@ -29,6 +30,135 @@
#include "system/filesys.h"
#include "ccan/str/str.h"
+#ifndef DISABLE_NTDB
+struct flag_map {
+ int tdb_flag;
+ int ntdb_flag;
+};
+
+static const struct flag_map tdb_ntdb_flags[] = {
+ { TDB_CLEAR_IF_FIRST, NTDB_CLEAR_IF_FIRST },
+ { TDB_INTERNAL, NTDB_INTERNAL },
+ { TDB_NOLOCK, NTDB_NOLOCK },
+ { TDB_NOMMAP, NTDB_NOMMAP },
+ { TDB_CONVERT, NTDB_CONVERT },
+ { TDB_NOSYNC, NTDB_NOSYNC },
+ { TDB_SEQNUM, NTDB_SEQNUM },
+ { TDB_VOLATILE, 0 },
+ { TDB_ALLOW_NESTING, NTDB_ALLOW_NESTING },
+ { TDB_DISALLOW_NESTING, 0 },
+ { TDB_INCOMPATIBLE_HASH, 0 }
+};
+
+static int tdb_flags_to_ntdb_flags(int tdb_flags)
+{
+ unsigned int i;
+ int ntdb_flags = 0;
+
+ /* TDB allows nesting unless told not to. */
+ if (!(tdb_flags & TDB_DISALLOW_NESTING))
+ ntdb_flags |= NTDB_ALLOW_NESTING;
+
+ for (i = 0; i < sizeof(tdb_ntdb_flags)/sizeof(tdb_ntdb_flags[0]); i++) {
+ if (tdb_flags & tdb_ntdb_flags[i].tdb_flag) {
+ tdb_flags &= ~tdb_ntdb_flags[i].tdb_flag;
+ ntdb_flags |= tdb_ntdb_flags[i].ntdb_flag;
+ }
+ }
+
+ SMB_ASSERT(tdb_flags == 0);
+ return ntdb_flags;
+}
+
+struct trav_data {
+ struct db_context *ntdb;
+ NTSTATUS status;
+};
+
+static int write_to_ntdb(struct db_record *rec, void *_tdata)
+{
+ struct trav_data *tdata = _tdata;
+ TDB_DATA key, value;
+
+ key = dbwrap_record_get_key(rec);
+ value = dbwrap_record_get_value(rec);
+
+ tdata->status = dbwrap_store(tdata->ntdb, key, value, TDB_INSERT);
+ if (!NT_STATUS_IS_OK(tdata->status)) {
+ return 1;
+ }
+ return 0;
+}
+
+static bool tdb_to_ntdb(TALLOC_CTX *ctx, struct loadparm_context *lp_ctx,
+ const char *tdbname, const char *ntdbname)
+{
+ struct db_context *ntdb, *tdb;
+ char *bakname;
+ const char *tdbbase, *bakbase;
+ struct trav_data tdata;
+ struct stat st;
+
+ /* We need permissions from the tdb file. */
+ if (stat(tdbname, &st) == -1) {
+ DEBUG(0, ("tdb_to_ntdb: fstat %s failed: %s\n",
+ tdbname, strerror(errno)));
+ return false;
+ }
+ tdb = db_open_tdb(ctx, lp_ctx, tdbname, 0,
+ TDB_DEFAULT, O_RDONLY, 0, 0);
+ if (!tdb) {
+ DEBUG(0, ("tdb_to_ntdb: could not open %s: %s\n",
+ tdbname, strerror(errno)));
+ return false;
+ }
+ ntdb = db_open_ntdb(ctx, lp_ctx, ntdbname, dbwrap_hash_size(tdb),
+ TDB_DEFAULT, O_RDWR|O_CREAT|O_EXCL,
+ st.st_mode & 0777, 0);
+ if (!ntdb) {
+ DEBUG(0, ("tdb_to_ntdb: could not create %s: %s\n",
+ ntdbname, strerror(errno)));
+ return false;
+ }
+ bakname = talloc_asprintf(ctx, "%s.bak", tdbname);
+ if (!bakname) {
+ DEBUG(0, ("tdb_to_ntdb: could not allocate\n"));
+ return false;
+ }
+
+ tdata.status = NT_STATUS_OK;
+ tdata.ntdb = ntdb;
+ if (!NT_STATUS_IS_OK(dbwrap_traverse_read(tdb, write_to_ntdb, &tdata,
+ NULL))) {
+ return false;
+ }
+ if (!NT_STATUS_IS_OK(tdata.status)) {
+ return false;
+ }
+
+ if (rename(tdbname, bakname) != 0) {
+ DEBUG(0, ("tdb_to_ntdb: could not rename %s to %s\n",
+ tdbname, bakname));
+ unlink(ntdbname);
+ return false;
+ }
+
+ /* Make sure it's never accidentally used. */
+ symlink("This is now in an NTDB", tdbname);
+
+ /* Make message a bit shorter by using basenames. */
+ tdbbase = strrchr(tdbname, '/');
+ if (!tdbbase)
+ tdbbase = tdbname;
+ bakbase = strrchr(bakname, '/');
+ if (!bakbase)
+ bakbase = bakname;
+ DEBUG(1, ("Upgraded %s from %s (which moved to %s)\n",
+ ntdbname, tdbbase, bakbase));
+ return true;
+}
+#endif /* !DISABLE_NTDB */
+
struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *name,
@@ -54,7 +184,10 @@ struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
"%.*s.tdb",
(int)strlen(name) - 5, name);
} else {
- ntdbname = tdbname = name;
+ DEBUG(1, ("WARNING: database '%s' does not end in .[n]tdb:"
+ " treating it as a TDB file!\n", name));
+ ntdbname = talloc_strdup(tmp_ctx, name);
+ tdbname = name;
}
if (ntdbname == NULL || tdbname == NULL) {
@@ -62,10 +195,34 @@ struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
goto out;
}
- /* We currently always open a tdb, not an ntdb. */
- db = db_open_tdb(mem_ctx, lp_ctx, tdbname, hash_size,
- tdb_flags, open_flags, mode,
- lock_order);
+ if (name == ntdbname) {
+#ifdef DISABLE_NTDB
+ DEBUG(1, ("WARNING: no ntdb support to open '%s'\n", name));
+#else
+ int ntdb_flags = tdb_flags_to_ntdb_flags(tdb_flags);
+
+ /* For non-internal databases, we upgrade on demand. */
+ if (!(tdb_flags & TDB_INTERNAL)) {
+ if (!file_exist(ntdbname) && file_exist(tdbname)) {
+ if (!tdb_to_ntdb(tmp_ctx, lp_ctx,
+ tdbname, ntdbname)) {
+ goto out;
+ }
+ }
+ }
+ db = db_open_ntdb(mem_ctx, lp_ctx, ntdbname, hash_size,
+ ntdb_flags, open_flags, mode, lock_order);
+#endif
+ } else {
+ if (!streq(ntdbname, tdbname) && file_exist(ntdbname)) {
+ DEBUG(0, ("Refusing to open '%s' when '%s' exists\n",
+ tdbname, ntdbname));
+ goto out;
+ }
+ db = db_open_tdb(mem_ctx, lp_ctx, tdbname, hash_size,
+ tdb_flags, open_flags, mode,
+ lock_order);
+ }
out:
talloc_free(tmp_ctx);
return db;
diff --git a/lib/dbwrap/dbwrap_ntdb.c b/lib/dbwrap/dbwrap_ntdb.c
new file mode 100644
index 0000000..5be7b84
--- /dev/null
+++ b/lib/dbwrap/dbwrap_ntdb.c
@@ -0,0 +1,689 @@
+/*
+ Unix SMB/CIFS implementation.
+ Database interface wrapper around ntdb
+ Copyright (C) Volker Lendecke 2005-2007
+ Copyright (C) Rusty Russell 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_private.h"
+#include "dbwrap/dbwrap_ntdb.h"
+#include "system/filesys.h"
+#include "lib/util/util_ntdb.h"
+#include "ccan/str/str.h"
+
+struct db_ntdb_ctx {
+ struct ntdb_context *ntdb;
+
+ struct {
+ dev_t dev;
+ ino_t ino;
+ } id;
+};
+
+static int tdb_store_flag_to_ntdb(int tdb_flag)
+{
+ switch (tdb_flag) {
+ /* In fact, any value defaults to TDB_REPLACE in tdb! */
+ case 0:
+ case TDB_REPLACE:
+ return NTDB_REPLACE;
+ case TDB_INSERT:
+ return NTDB_INSERT;
+ case TDB_MODIFY:
+ return NTDB_MODIFY;
+ default:
+ smb_panic("unknown tdb_flag");
+ }
+}
+
+static NTSTATUS db_ntdb_store(struct db_record *rec, NTDB_DATA data, int flag)
+{
+ int ntdb_flag = tdb_store_flag_to_ntdb(flag);
+ struct db_ntdb_ctx *ctx = talloc_get_type_abort(rec->private_data,
+ struct db_ntdb_ctx);
+
+ /*
+ * This has a bug: We need to replace rec->value for correct
+ * operation, but right now brlock and locking don't use the value
+ * anymore after it was stored.
+ */
+
+ if (ntdb_store(ctx->ntdb, rec->key, data, ntdb_flag) == NTDB_SUCCESS) {
+ return NT_STATUS_OK;
+ }
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS db_ntdb_delete(struct db_record *rec)
+{
+ enum NTDB_ERROR err;
+ struct db_ntdb_ctx *ctx = talloc_get_type_abort(rec->private_data,
+ struct db_ntdb_ctx);
+
+ err = ntdb_delete(ctx->ntdb, rec->key);
+ if (err == NTDB_SUCCESS) {
+ return NT_STATUS_OK;
+ }
+
+ if (err == NTDB_ERR_NOEXIST) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+static void db_ntdb_log_key(const char *prefix, NTDB_DATA key)
+{
+ size_t len;
+ char *keystr;
+
+ if (DEBUGLEVEL < 10) {
+ return;
+ }
+ len = key.dsize;
--
Samba Shared Repository
